package com.baipiao.permission.backend.controller.sys;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.baipiao.permission.backend.entity.response.Res;
import com.baipiao.permission.backend.entity.response.ResData;

/**
 * @author Livi Luo
 */


@RestController
@Tag(name = "角色测试接口", description = "测试不通角色可以访问的api")
@RequestMapping("/role")
public class RoleTestController {

    @Operation(summary = "所有角色可以访问")
    @RequestMapping(value = "anyone", method = RequestMethod.GET)
    public Res anyone() {
        return ResData.success("any role");
    }

    @Secured({"ROLE_root", "ROLE_admin"})
    @Operation(summary = "admin角色可以访问")
    @RequestMapping(value = "admin", method = RequestMethod.GET)
    public Res admin() {
        return ResData.success("admin");
    }

    @Secured({"ROLE_root", "ROLE_admin", "ROLE_user"})
    @Operation(summary = "admin和user角色可以访问")
    @RequestMapping(value = "user", method = RequestMethod.GET)
    public Res user() {
        return ResData.success("user");
    }

    @PreAuthorize("hasRole('root')||hasAnyRole('user','guest')")
    @Operation(summary = "user,guest角色可以访问")
    @RequestMapping(value = "guest", method = RequestMethod.GET)
    public Res guest() {
        return ResData.success("guest");
    }

}
